March 10, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Over the last several weeks, there has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China. The vast volumes of data analyzed suggest these countries may even be coordinating attack efforts. Per the analysis available, attack trend lines that compare Russia and China show almost exactly the same pattern. Juxtaposing them with a chart from Germany shows that it is not even close to the same pattern, leading to educated speculation that these countries could be coordinating efforts. According to the Brookings Institute, “The U.S. National Security Strategy declares Russia and China the two top threats to U.S. national security. At the best of times, U.S.-Russia ties are a mixture of cooperation and competition, but today they are largely adversarial… Russia’s increasingly close relationship with China represents an ongoing challenge for the United States. While there is little that Washington can do to draw Moscow away from Beijing, it should not pursue policies that drive the two countries closer together, such as the trade war with China and rafts of sanctions against Russia.”
While no two organisations are the same, one useful way to think about deploying threat intelligence is to focus on three stages: monitoring, integration and analysis. In the early days of a threat intelligence strategy, it’s unlikely that you’ll have the relevant expertise, time, or resources that are necessary to support proactive intelligence analysis. However, by collecting information from various sources and monitoring them for threat indicators relevant to your business, it’s possible to drive significant value. This could include things like leaked corporate credentials, mentions of your product on the dark web, or typosquats of your corporate brands in domain name registrations, all of which are important as you begin your journey. The intelligence gained from doing so could help to inform the IT department about password resets and phishing email campaigns targeting employees, and accelerate efforts to verify potential security incidents. Next comes integration.
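As an added illustration of the monitoring stage (not code from the quoted article), the sketch below screens a feed of newly registered domains for typosquats of a corporate brand. The brand `examplebank`, the feed and the allow-list are constructed sample data, and the feed is assumed to contain registrable domains under a single-label TLD.

```python
import unicodedata

BRANDS = ["examplebank"]                 # constructed brand name
ALLOWLIST = {"examplebank.com"}          # constructed: domains the company owns
NEW_DOMAINS = [                          # constructed registration feed
    "examp1ebank.com", "exampelbank.net", "examplebank-login.com",
    "exampleban.org", "weatherreport.com", "examplebank.com",
]
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def normalize(label):
    """Fold case, strip accents and map common digit look-alikes to letters."""
    folded = unicodedata.normalize("NFKD", label.lower())
    return folded.encode("ascii", "ignore").decode().translate(LOOKALIKES)

def osa_distance(a, b):
    """Edit distance that also counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, brands=BRANDS, max_distance=1):
    """Return (brand, reason) when the domain resembles a brand, else None."""
    domain = domain.lower()
    if domain in ALLOWLIST:
        return None
    label = domain.rsplit(".", 1)[0]     # simple split: single-label TLD assumed
    norm = normalize(label)
    for brand in brands:
        if norm == brand:                # same name after folding look-alikes
            return brand, ("tld-swap" if label == brand else "lookalike")
        if brand in norm.replace("-", ""):
            return brand, "embedded"     # brand plus extra words, e.g. "-login"
        if osa_distance(norm, brand) <= max_distance:
            return brand, "near-miss"    # one typo away from the brand
    return None

def scan(domains):
    """Map each suspicious domain in the feed to its (brand, reason) finding."""
    return {d: hit for d in domains if (hit := classify(d))}
```

Hits from `scan(NEW_DOMAINS)` are leads for an analyst to verify, not verdicts; punycode (IDN) labels are not decoded here and would need separate handling.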
When we’ve been asked "when are types coming to JavaScript?", we’ve had to hesitate to answer. Historically, the problem was that if you asked developers what they had in mind for types in JavaScript, you’d get many different answers. Some felt that types should be totally ignored, while others felt like they should have some meaning – possibly that they should enforce some sort of runtime validation, or that they should be introspectable, or that they should act as hints to the engine for optimization, and more! But in the last few years we’ve seen people converge more towards a design that works well with the direction TypeScript has moved towards – that types are totally ignored and erasable syntax at runtime. This convergence, alongside the broad use of TypeScript, made us feel more confident when several JavaScript and TypeScript developers outside of our core team approached us once more about a proposal called "types as comments". The idea of this proposal is that JavaScript could carve out a set of syntax for types that engines would entirely ignore, but which tools like TypeScript, Flow, and others could use.
Smartwatches offer a myriad of features that help individuals take charge of their daily tasks and complete them quicker and with ease. From using voice commands to dictate emails or send short messages, to tracking physical movements, water intake, SpO2, heart rate, stress, breathing exercises, stretching, etc., these devices have enabled us to tirelessly complete tasks without compromising on fitness and health. SpO2 has emerged as an important measure for fitness over the last two years. It is satisfying to keep a check on it from time to time just in case any medical assistance is required. On the other hand, earbuds let you answer calls hands-free, which makes it easier to make notes or go on with other tasks, thereby boosting productivity. Features like ANC and ENC take care of the background noise to further enhance the quality of the audio experience. And in case you’re out running an errand during office hours and forget a crucial meeting that was scheduled, your smartwatch will notify you. You can also pick up the call via your earbuds while you drive back home, and it is really happening out there.
A common approach is to run your stateful application in a VM or bare metal machine, and have resources in your Kubernetes cluster communicate with it. The stateful application becomes an external integration from the perspective of pods in your cluster. The upside of this approach is that it allows you to run existing stateful applications as is, with no refactoring or re-architecture. If the application is able to scale up to meet the workloads required by the Kubernetes cluster, you do not need Kubernetes’ fancy auto scaling and provisioning mechanisms. The downside is that by maintaining a non-Kubernetes resource outside your cluster, you need to have a way of monitoring processes, performing configuration management, performing load balancing and service discovery for that application. ... A second, equally common approach is to run stateful applications as a managed cloud service. For example, if you need to run a SQL database with a containerized application, and you are running in AWS, you can use Amazon’s Relational Database Service (RDS).
Security is tough to get right, and it’s made more difficult by market pressures, cloud complexity and the growing prevalence of open source libraries. This has expanded the typical enterprise’s cyberattack surface to many times its size of several years ago. It has also provided more opportunities for potentially critical vulnerabilities to enter the development cycle and then persist into production. Log4Shell is the poster child for that problem. As a result, it’s more important than ever that we pay more than lip service to the concept of security as a shared responsibility within the organization. “Shared responsibility” is often used to mean greater boardroom buy-in, or in the context of behavioral change among staff, but it’s just as important in IT departments. We need developers to become more skilled in building secure products, but we also need to ensure apps in production continue running securely. Breaking down the silos between developers, operations and security teams will drive true DevSecOps practices. To get there, organizations should unify teams around a centralized platform that gives them visibility and control.
QA Executive
2 years ago
Thank you